/*************************************************************************
 *                                                                       *
 *  EJBCA: The OpenSource Certificate Authority                          *
 *                                                                       *
 *  This software is free software; you can redistribute it and/or       *
 *  modify it under the terms of the GNU Lesser General Public           *
 *  License as published by the Free Software Foundation; either         *
 *  version 2.1 of the License, or any later version.                    *
 *                                                                       *
 *  See terms of license at gnu.org.                                     *
 *                                                                       *
 *************************************************************************/

package se.anatom.ejbca.ca.sign;

import java.rmi.RemoteException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509CRL;
import java.util.Collection;
import java.util.Vector;

import javax.ejb.ObjectNotFoundException;

import se.anatom.ejbca.ca.caadmin.extendedcaservices.ExtendedCAServiceNotActiveException;
import se.anatom.ejbca.ca.caadmin.extendedcaservices.ExtendedCAServiceRequest;
import se.anatom.ejbca.ca.caadmin.extendedcaservices.ExtendedCAServiceRequestException;
import se.anatom.ejbca.ca.caadmin.extendedcaservices.ExtendedCAServiceResponse;
import se.anatom.ejbca.ca.caadmin.extendedcaservices.IllegalExtendedCAServiceRequestException;
import se.anatom.ejbca.ca.exception.AuthLoginException;
import se.anatom.ejbca.ca.exception.AuthStatusException;
import se.anatom.ejbca.ca.exception.CADoesntExistsException;
import se.anatom.ejbca.ca.exception.IllegalKeyException;
import se.anatom.ejbca.ca.exception.SignRequestException;
import se.anatom.ejbca.ca.exception.SignRequestSignatureException;
import se.anatom.ejbca.log.Admin;
import se.anatom.ejbca.protocol.IRequestMessage;
import se.anatom.ejbca.protocol.IResponseMessage;

/**
 * Creates certificates. Remote interface for EJB.
 *
 * <p>Every method takes an {@link Admin} describing who performs the operation. The
 * certificate-issuing methods take the end user's username and password as plain
 * {@code String} arguments and state that the user database is queried for authorization.
 *
 * <p>NOTE(review): the password crosses the remote boundary as a {@code String}; confirm
 * that the transport used for these remote calls is protected and that implementations
 * and callers do not log the argument.
 *
 * @version $Id: ISignSessionRemote.java,v 1.30 2004/05/23 12:54:23 herrvendil Exp $
 */
public interface ISignSessionRemote extends javax.ejb.EJBObject {
    /**
     * Retrieves the certificate chain for the signer. The returned certificate chain MUST have
     * the RootCA certificate in the last position.
     *
     * @param admin Information about the administrator or admin performing the event.
     * @param caid not described in the original comment; presumably the id of the CA whose
     *        chain is returned (compare {@code caId} of {@link #createPKCS7(Admin, int)}) -
     *        TODO confirm.
     *
     * @return The certificate chain, never null.
     *
     * @throws RemoteException if a communication or other error occurs.
     */
    public Collection getCertificateChain(Admin admin, int caid) throws RemoteException;

    /**
     * Creates a signed PKCS7 message containing the whole certificate chain, including the
     * provided client certificate.
     *
     * @param admin Information about the administrator or admin performing the event.
     * @param cert client certificate which we want encapsulated in a PKCS7 together with
     *        certificate chain.
     *
     * @return The DER-encoded PKCS7 message.
     *
     * @throws CADoesntExistsException if the CA does not exist or is expired, or has an invalid
     *         cert
     * @throws SignRequestSignatureException if the certificate is not signed by the CA
     * @throws RemoteException if a communication or other error occurs.
     */
    public byte[] createPKCS7(Admin admin, Certificate cert) throws CADoesntExistsException, SignRequestSignatureException, RemoteException;

    /**
     * Creates a signed PKCS7 message containing the whole certificate chain of the specified CA.
     *
     * @param admin Information about the administrator or admin performing the event.
     * @param caId CA for which we want a PKCS7 certificate chain.
     *
     * @return The DER-encoded PKCS7 message.
     *
     * @throws CADoesntExistsException if the CA does not exist or is expired, or has an invalid
     *         cert
     * @throws RemoteException if a communication or other error occurs.
     */
    public byte[] createPKCS7(Admin admin, int caId) throws CADoesntExistsException, RemoteException;

    /**
     * Requests for a certificate to be created for the passed public key with default key usage.
     * The method queries the user database for authorization of the user.
     *
     * <p>NOTE(review): this overload receives only the public key; no proof of possession of the
     * matching private key is visible in the signature. Confirm where, if anywhere, callers or
     * the implementation verify it.
     *
     * @param admin Information about the administrator or admin performing the event.
     * @param username unique username within the instance.
     * @param password password for the user.
     * @param pk the public key to be put in the created certificate.
     *
     * @return The newly created certificate or null. Callers must handle the null case.
     *
     * @throws ObjectNotFoundException if the user does not exist.
     * @throws AuthStatusException If the users status is incorrect.
     * @throws AuthLoginException If the password is incorrect.
     * @throws IllegalKeyException if the public key is of wrong type.
     * @throws CADoesntExistsException declared in the signature but not described in the
     *         original comment; presumably raised under the conditions documented for
     *         {@link #createPKCS7(Admin, int)} - TODO confirm.
     * @throws RemoteException if a communication or other error occurs.
     */
    public Certificate createCertificate(Admin admin, String username, String password, PublicKey pk) throws RemoteException, ObjectNotFoundException, AuthStatusException, AuthLoginException, IllegalKeyException, CADoesntExistsException;

    /**
     * Requests for a certificate to be created for the passed public key with the passed key
     * usage. The method queries the user database for authorization of the user. CAs are only
     * allowed to have certificateSign and CRLSign set (keyCertSign and cRLSign in the KeyUsage
     * listing below).
     *
     * @param admin Information about the administrator or admin performing the event.
     * @param username unique username within the instance.
     * @param password password for the user.
     * @param pk the public key to be put in the created certificate.
     * @param keyusage boolean array describing desired key usage, in the format specified by
     *        X509Certificate.getKeyUsage(), one element per KeyUsage bit. (The original comment
     *        called this an "integer with mask"; the parameter type is {@code boolean[]}.)
     *        <pre>
     *        id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
     *        KeyUsage ::= BIT STRING {
     *            digitalSignature (0), nonRepudiation (1),
     *            keyEncipherment (2), dataEncipherment (3), keyAgreement (4),
     *            keyCertSign (5), cRLSign (6), encipherOnly (7),
     *            decipherOnly (8) }
     *        </pre>
     *
     * @return The newly created certificate or null. Callers must handle the null case.
     *
     * @throws ObjectNotFoundException if the user does not exist.
     * @throws AuthStatusException If the users status is incorrect.
     * @throws AuthLoginException If the password is incorrect.
     * @throws IllegalKeyException if the public key is of wrong type.
     * @throws CADoesntExistsException declared in the signature but not described in the
     *         original comment; presumably raised under the conditions documented for
     *         {@link #createPKCS7(Admin, int)} - TODO confirm.
     * @throws RemoteException if a communication or other error occurs.
     */
    public Certificate createCertificate(Admin admin, String username, String password, PublicKey pk, boolean[] keyusage) throws RemoteException, ObjectNotFoundException, AuthStatusException, AuthLoginException, IllegalKeyException, CADoesntExistsException;

    /**
     * Requests for a certificate to be created for the passed public key with the passed key
     * usage. The method queries the user database for authorization of the user. CAs are only
     * allowed to have certificateSign and CRLSign set.
     *
     * @param admin Information about the administrator or admin performing the event.
     * @param username unique username within the instance.
     * @param password password for the user.
     * @param pk the public key to be put in the created certificate.
     * @param keyusage integer with bit mask describing desired key usage, overrides keyUsage
     *        from CertificateProfiles if allowed. Bit mask is packed in an integer using
     *        constants from CertificateData. -1 means use default keyUsage from
     *        CertificateProfile.
     *        ex. {@code int keyusage = CertificateData.digitalSignature | CertificateData.nonRepudiation;}
     *        gives digitalSignature and nonRepudiation.
     *        ex. {@code int keyusage = CertificateData.keyCertSign | CertificateData.cRLSign;}
     *        gives keyCertSign and cRLSign.
     *        NOTE(review): where "if allowed" is decided is not visible in this interface;
     *        confirm the implementation rejects or ignores a requested usage the profile does
     *        not permit.
     *
     * @return The newly created certificate or null. Callers must handle the null case.
     *
     * @throws ObjectNotFoundException if the user does not exist.
     * @throws AuthStatusException If the users status is incorrect.
     * @throws AuthLoginException If the password is incorrect.
     * @throws IllegalKeyException if the public key is of wrong type.
     * @throws CADoesntExistsException declared in the signature but not described in the
     *         original comment; presumably raised under the conditions documented for
     *         {@link #createPKCS7(Admin, int)} - TODO confirm.
     * @throws RemoteException if a communication or other error occurs.
     *
     * @see se.anatom.ejbca.ca.store.CertificateData
     */
    public Certificate createCertificate(Admin admin, String username, String password, PublicKey pk, int keyusage) throws RemoteException, ObjectNotFoundException, AuthStatusException, AuthLoginException, IllegalKeyException, CADoesntExistsException;

    /**
     * Requests for a certificate to be created for the passed public key with the passed key
     * usage and using the given certificate profile. This method is primarily intended to be
     * used when issuing hardtokens having multiple certificates per user.
     * The method queries the user database for authorization of the user. CAs are only
     * allowed to have certificateSign and CRLSign set.
     *
     * @param admin Information about the administrator or admin performing the event.
     * @param username unique username within the instance.
     * @param password password for the user.
     * @param pk the public key to be put in the created certificate.
     * @param keyusage integer with bit mask describing desired key usage, overrides keyUsage
     *        from CertificateProfiles if allowed. Bit mask is packed in an integer using
     *        constants from CertificateData. -1 means use default keyUsage from
     *        CertificateProfile.
     *        ex. {@code int keyusage = CertificateData.digitalSignature | CertificateData.nonRepudiation;}
     *        gives digitalSignature and nonRepudiation.
     *        ex. {@code int keyusage = CertificateData.keyCertSign | CertificateData.cRLSign;}
     *        gives keyCertSign and cRLSign.
     * @param certificateprofileid used to override the one set in userdata.
     *        Should be set to SecConst.PROFILE_NO_PROFILE if the regular certificateid should
     *        be used.
     *        NOTE(review): this lets the caller select a profile other than the one stored
     *        for the user; confirm the implementation checks that {@code admin} is authorized
     *        to use the requested profile.
     *
     * @return The newly created certificate or null. Callers must handle the null case.
     *
     * @throws ObjectNotFoundException if the user does not exist.
     * @throws AuthStatusException If the users status is incorrect.
     * @throws AuthLoginException If the password is incorrect.
     * @throws IllegalKeyException if the public key is of wrong type.
     * @throws CADoesntExistsException declared in the signature but not described in the
     *         original comment; presumably raised under the conditions documented for
     *         {@link #createPKCS7(Admin, int)} - TODO confirm.
     * @throws RemoteException if a communication or other error occurs.
     *
     * @see se.anatom.ejbca.ca.store.CertificateData
     */
    public Certificate createCertificate(Admin admin, String username, String password, PublicKey pk, int keyusage, int certificateprofileid) throws RemoteException, ObjectNotFoundException, AuthStatusException, AuthLoginException, IllegalKeyException, CADoesntExistsException;